zSecure Basic Admin & Reporting

Virtual Classroom Environment dates - click to book!

What do I need?

• webcam
• headphones with microphone
• sufficient bandwidth, at least 1.5 Mb/s in each direction.

What you will learn

On successful completion of this course you will be able to:

• display RACF users and user information from the ISPF zSecure Admin panels
• manage RACF groups interactively and create printed reports
• administer RACF dataset and general resource profiles and examine access lists
• create textual reports on RACF users, groups, data sets, and general resources
• review and maintain RACF and Class Descriptor Table (CDT) options
• define and maintain input files to control your IBM Security zSecure Admin session
• use the reports provided with IBM Security zSecure Admin
• analyze RACF profiles containing segments
• review the installation's RACF control tables and analyze the group structure in the installation
• create reports on the RACF database and resolve inconsistencies
• customize installation data, compare users, queue commands, and run commands using CKGRACF.

Who Should Attend

The course is suitable for RACF Administrators responsible for RACF Administration at their installation.

Prerequisites

Attendees should have thorough working knowledge of RACF or have attended the RSM course RACF Administration & Auditing.

Duration

3 days

Fee (per attendee)

£2250 (ex VAT)

This includes free online 24/7 access to course notes.

Hard copy course notes are available on request from rsmshop@rsm.co.uk

at £50.00 plus carriage per set.

Course Code

ZSBA

Contents

Running IBM Security zSecure Admin

zSecure Admin; RACF management tool; RACF information sources; RACF databases; CKFREEZE information; IBM Security zSecure Collect; Information sources access; Overview of IBM Security zSecure Admin; Restricted view; Results; Using IBM Security zSecure Admin; Selecting input files; The Setup menu; The Setup files; Selecting Setup files.
Explains the basics of zSecure Admin, and shows how to select the appropriate input files.

Selecting & Displaying Existing RACF Profiles

Basic administration functions; Functional approach management; Profile type selection; Profile subset selection; Selecting user profiles; Advanced criteria; Other fields; Attributes; Segment presence or absence; Segment presence detailed selection; Output/run options; Results in ISPF format; Viewing additional user fields; User profile line commands; Detailed user information; Show all relevant user information; Print full page user report; Selecting group profiles; Additional criteria; Profile fields; Connect fields 64 Group profile line commands; Additional group information; Selecting dataset profiles; Additional criteria; Profile fields; Access list; Selected dataset profiles; Dataset profile line commands; Detailed dataset information; Access Control Lists (ACLs); ACL display formats; ACL order; ACL default display; ACL Explode; ACL Resolve; ACL - sort by access; Selecting general resource profiles; Additional criteria; Profile fields; Resource class list; General resource profiles in FACILITY class; General resource profile line command; Additional general resource information.
Explains how to find and view RACF profiles using zSecure Admin.

Profile Maintenance

Actions on a single profile; Executing actions; Running line commands; Managing logon information; The generated RACF command; Command generation; CKGRACF; Setup for command generation; Connect; Select user ID or group; Line command; Command execution; The C line command; The Copy connect panel; Adding ACL entries; Managing ACL entries; General resource ACLs; Modifying ACL members; Running the generated commands; Quick user administration; Modifications using quick user administration; Multiple RACF commands; Copying user IDs; The User copy panel; Commands generated to copy user ID; The Results panel; Command results; Running the commands; Viewing the results; Verify successful command execution; Deleting user IDs; The User Delete panel; User ID deletion commands; Manage TSO information for a user ID; Manage user ID TSO information commands; Recreate a user profile; Managing multiple profiles; Mass update; User Multiple Copy; Managing application segments.
Teaches how to use zSecure Admin to modify profiles.

Advanced Options

SETROPTS and class settings; Review and change current settings; Review and maintain SETROPTS; Review or maintain CDT settings 164 Show line commands for CDT settings; Review or maintain class details; Application configuratio; The Setup menu; Run options; Define a new set; Define a new set using existing datasets; Specify input dataset type; Optionally assign NJE node or system name; Define a new set using new datasets; Allocate space for new UNLOAD or CKFREEZE.
Reporting on Global RACF settings and how to define new zSecure Admin input sets.

RACF Administration Reports

Reporting RACF and resources; Profiles; Profiles overview; Profiles and datasets; Non-redundant profiles; Redundant profiles; Scope/Permit; User ID or group access; Match profiles; Match profiles selection display; View the RACF database Group Tree; Group Tree; Group Tree selection; Group Tree report; Report USERDATA and other miscellaneous reports; USERDATA; USERDATA details; Manage; Selected reports; Selected profile details; General Status and System Settings reports; Report profiles and segments; Profiles and segment reports; Display RACF control tables; Display RACF control tables select reports; Display the SETROPTS settings; Display RACF dataset names; Display the CDT settings; Display the CDT settings details; Report field-level access; Report field-level access checking; Report field-level access checking profiles; Displaying a FIELD class profile.
Explains the general RACF reporting functions included in zSecure Admin.

Specific Userid & Group Reports

Report user IDs based on password characteristics; Report RACF user ID population; User ID reports; User ID reports overview; Show user ID last logon overview summary (LGAGESUM); Last logon older than five years (LGAGE5YR); Show user IDs by password age summary (PWAGESUM); User ID password age 2-3 years (PWAGE2YR); User IDs with initial password (PWAGENEV); User IDs with failed password attempts (PWTRIES); User IDs with nonexpiring password (PWINNONE); User IDs using a password phrase; Reporting user IDs by attribute; User IDs with specific attributes; Reporting user IDs by attribute; User IDs with a specific attribute; Specify attribute; Review report; User IDs with any attribute; Selection; User IDs with a system attribute (AUTHSYS); User IDs with UID 0 (AUTHUID0); Group reports; Select group profile fields; Subgroups; Display; Report on group connect authority; Selection; Display; Report scope of a user ID; Specify exclusions; Display; Print format; Group tree report; Display; Connected user IDs; Comparing user IDs and groups; Comparing user profiles; Display permits; Display connects; Comparing group profiles; Display permits; Display permits details.
Explains how to use zSecure Admin to generate reports on user and group profiles stored in the RACF database.

Reporting Resource Profiles

Identify sensitive resources and global writable data; Report sensitive profiles; Specification; Display; Detail; Global Writable datasets; Display; Global writable UNIX files: Display; Reporting member lists; Members in multiple groups; Merged member list; Select profile fields; Show merged member list option; No display; No detail; Yes display; Duplicates; Global Access Checking tables and started task reporting; Select profile; Dataset detail; Privileged and trusted started tasks; Select statement; Show segment; Select task; Detail; No segment selection; Sorted; Reporting digital certificates ; Trusted only; Detail; CERTAUTH, SITE; Trusted due to expire.
The Resource related reports included in zSecure Admin are introduced and demonstrated.

RACF Management Reports

RACF database inconsistencies; RACF management; Verify; Verify panel; Restrict scope of Verify functions; Verify Permit: Orphan specification; Verify Permit; Verify User permit; Verify On volume; Verify (All) not empty; Verify Program; Verify Started task; CKGRACF the alternative way to access RACF; RACF management: CKGRACF; Types of CKGRACF queued commands; Timed commands; Timed commands diagram; Timed commands: Connect; Timed commands: Permit; Select profiles with queued commands; Line commands for queued commands; Refresh queued commands; Multiple-authority; Line command; Dual authority; Change user password; Run CKGRACF command; List queued commands; Action commands; Review request command; Password management; Set default password.
Explains the zSecure Admin verification options and CKGRACF features.

Customised Reports

Customized reporting; Custom report using standard output set; Show standard select and display statement; Adjust the selection criteria and display fields; Customized user ID overview report; Customize; Customized resource overview; Customized STARTED report; Customized STARTED report result; Customizing installation data; Installation data; Customizing installation data; Entities; Columns; Customizing INSTDATA; Overview display layout; Detail display specification; Customizing installation data; Result; Detail display; Print layout; RACF custom fields; Defining new RACF custom fields; Defining additional RACF custom fields; Activate newly defined RACF custom fields; Add segment; Assigning values to custom fields; Custom fields maintain values.
Explains how to customise reports, installation data, and how you can define and maintain RACF Custom Fields.

Question & Answer Session